Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f0f022e1 by Salvatore Bonaccorso at 2022-01-31T06:20:08+01:00
Adjust tracking for CVE-2022-23808
Rationale: CVE-2022-23808 is about the setup for pypmyadmin, not
available in Debian according to the reference, but the code affected.
Thus demote the severity to unimportant and mark it as fixed once 5.1.2
lands.
- - - - -
33591c4c by Salvatore Bonaccorso at 2022-01-31T06:21:58+01:00
Adjust tracking for CVE-2022-23807
Rationale: The 2FA support is not packages according to the research and
references, but the affected source code is. Demote the severity to
unimprtant and mark it as fixed once 5.1.2 lands in unstable.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1500,18 +1500,17 @@ CVE-2021-4208
CVE-2022-23809
RESERVED
CVE-2022-23808 (An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An
attacker ca ...)
- - phpmyadmin <not-affected> (2FA is not packaged yet and the setup is
not available to be used)
+ - phpmyadmin <unfixed> (unimportant)
NOTE: https://www.phpmyadmin.net/security/PMASA-2022-2/
NOTE:
https://github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf51c46feeaf38
NOTE:
https://github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af91ceea335d59
NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/28
(setup not available)
- NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3
(missing 2FA packages)
CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1
before ...)
- - phpmyadmin <not-affected> (2FA is not packaged yet and the setup is
not available to be used)
+ - phpmyadmin <unfixed> (unimportant)
NOTE: https://www.phpmyadmin.net/security/PMASA-2022-1/
NOTE:
https://github.com/phpmyadmin/phpmyadmin/commit/ca54f1db050859eb8555875c6aa5d7796fdf4b32
- NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/28
(setup not available)
NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3
(missing 2FA packages)
+ NOTE: 2FA support is not packaged in Debian
CVE-2022-23806
RESERVED
CVE-2022-23805
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/34982fa7b201b730fa6c8cff987430f27a1bf11b...33591c4ccae719c469d82dbf97e5263e0ab02f21
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/34982fa7b201b730fa6c8cff987430f27a1bf11b...33591c4ccae719c469d82dbf97e5263e0ab02f21
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
